Fix PAT last_used_ips for /self API (!187671) · Merge requests · GitLab.org / GitLab

Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

What does this MR do and why?

Retrieving the same Personal Access Token via /personal_access_tokens/:id and /personal_access_tokens/self should return the same response. But in the later case, the last_used_ips field is currently missing. Fix that by returning an Entities::PersonalAccessTokenWithLastUsedIps.

References

Fixes #535394 (closed)

How to set up and validate locally

Can be tested in a GDK environment.

create a PAT with read_api scope ($TOKEN in later steps)
call the /personal_access_tokens/self API:

% curl -sSf -H "PRIVATE-TOKEN: $TOKEN" \
  "http://localhost:3000/api/v4/personal_access_tokens/self" \
  | jq '{id,last_used_at,last_used_ips}'
{
  "id": 10,
  "last_used_at": "2025-04-10T08:27:52.262Z",
  "last_used_ips": [
    "127.0.0.1"
  ]
}

check last_used_ips is in the response (non-empty array, with 127.0.0.1 since the token just got used through the local interface)
without this MR, the last_used_ips field would have been missing

Edited Apr 10, 2025 by 🤖 GitLab Bot 🤖

Fix PAT last_used_ips for /self API

What does this MR do and why?

References

How to set up and validate locally

Merge request reports